CVE-2023-40338Log File Information Exposure in Project Jenkins Folders Plugin

CWE-532Log File Information ExposureCWE-200Sensitive Information ExposureCWE-209Information Exposure via Error Message6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 70.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Jenkins Project Jenkins Folders PluginJenkins Folders
Timeline
PublishedAug 16

Description

Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are available, exposing information about the Jenkins controller file system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

CVEListV5jenkins_project/jenkins_folders_plugin6.846.v23698686f0f6
NVDjenkins/folders6.846.v23698686f0f6

🔴Vulnerability Details

3
OSV
Jenkins Folders Plugin information disclosure vulnerability2023-08-16
GHSA
Jenkins Folders Plugin information disclosure vulnerability2023-08-16
CVEList
CVE-2023-40338: Jenkins Folders Plugin 62023-08-16

📋Vendor Advisories

2
Red Hat
jenkins-plugins: cloudbees-folder: Information disclosure in Folders Plugin2023-08-16
Jenkins
Jenkins Security Advisory 2023-08-162023-08-16
CVE-2023-40338 — Log File Information Exposure | cvebase